antares

  1. Thank you Emsisoft Team!

    A special thanks and appreciation goes out to Mr. Kevin Zoll of your staff. I presented this gentleman with a problem that took him over two weeks of daily communications and special scripts being written by him to finally break through two locked drivers that were constantly regenerating a malware program known as smart service after being suspended and then removed. I had never heard of this company before then but Mr. Zoll persisted day after day using various programs which wouldn't work and personal scripts written by him until the problem was solved. Thank you Mr. Zoll for your tireless efforts on my behalf for I know this was indeed a challenge to your abilities. The efforts put forth by Mr. Kevin Zoll reflect great credit on himself and on the company, Emsisoft, for which he works. Sincerely, James, login name ANTARES.
  2. Correct me if I am wrong but I think I got a big clue last night. I was able to get Zemana Anti-malware to run for a brief few seconds before it was terminated. Zemana software told me that I was infected by a rootkit "WINNT/AdClicker....driver....ndistpr64.sys". If this is so, what is the safe way to deal with it?
  3. Fixlist applied and ran within a few seconds followed by a reboot. However when I went to run JRT or Adwarecleaner, the result was the same: "Resource is in use", software blocked. A friend of mine says there must be a driver hidden somewhere that is triggering this and we can't find it by the means used. Fixlist log attached. Fixlog.txt
  4. FRST and ADDITION posted FRST.txt Addition.txt
  5. Program run as instructed. Results attached virusinfo_syscheck.zip
  6. This is all that RogueKiller is showing, which is strange because I use antvideodownloader all the time and it's never caused an issue but it is the one highlighted in red. The program has either quarantined or removed everything else but my cleaning programs still remained blocked. Today run.txt
  7. Roguekill Scan Report attached roguekill.txt
  8. Results of Safe Mode run. No change that I can see. Fixlog attached. The advice offered in the article is no longer valid. All avenues suggested by the article are now being blocked. Restore Reset on Windows Recovery Environment is likewise blocked from running. Windows reinstall file from Microsoft is also blocked. A new HDD seems to be the only way out. Fixlog.txt
  9. I finally got the code copied exactly as written. Checked it against a printout. Seems some of it was off the screen and didn't get copied. The computer was rescanned and removing any previous dates so that there was only today's scan present. Fixlist was then attached to the folder and desktop. It is now running. About how long should this run before I think something has gone wrong? Browser is Firefox 53. UPDATE ON FIX PROCEDURE: However, the results are not favorable. Apparently this malware keeps FRST from using the FIX option to rewrite the HDD. Nothing has changed and this time I got it right with your code page. See attached files. I am beginning to suspect that this problem is not fixable and that the only alternative is to replace the HDD. If you see something I missed or have additional options please post them. So far all attempts to remove this infection have failed. FRST_27-04-2017 22.13.27.txt Addition_27-04-2017 22.13.27.txt fixlist.txt
  10. That is exactly what I did. I copied only the lines from Close Processes down through Reboot but Windows 10 copies the whole thing and not just the highlighted area. I guess I shall have to copy it by hand since Copy and Paste don't seem to work as normal.
  11. Since there is often confusion in emails I am going to list step by step what I did. 1. I went into the fix log folder and removed all previous scans. 2. I scanned with frst and copied to desktop. 3. I copied your code beginning with "Close processes" and ending and including "reboot". 4. I titled this fixlist and placed it in the same folder with the two scan pages (frst & addition) and on the desktop. 5. I then ran Fix and waited 1 hr. Nothing happened. 6. I did another scan with frst to see if there were any changes. There were none. Apparently Frst Fix option is being prevented from overwriting the operating system with your corrections. 7. I then went inside C drive to find your ECC folder and ran a scan from there since your program will no longer install. "Cannot create Bin64\epp.sys" 8. Emsisoft scan indicated that the problem is getting worse with new additions to the list. Where there were 8 items there are now 16. 9. All file scans are attached. Note: -1 and -1a are renamed files from the first scan by frst. 10. I just took a look at the fixlist file and it doesn't look at all like your code which I copied exactly from the email. Somehow when I copy and paste it, it gets changed into what you see. Your code for some reason isn't copying the way you wrote it. I highlighted only what was written in the code box. Is there another way to copy/paste the code other than to write it out longhand? This is probably where the problem lies in copying the code. will no longer install since it cannot create "bin64\sys" FRST_26-04-2017 23.48.49.txt Addition_26-04-2017 23.48.49.txt -1.txt -1a.txt fixlist.txt scan_170424-220942.txt
  12. Things are now turning worse. Before running FRST I wanted to generate a fresh report which is attached. Then your program crashed and upon reinstallation I got the following "cannot create bin64\epp.sys", so I downloaded a fresh copy but upon installation got the same error message. Something has gone wrong and I don't know how to correct it. scan_170424-210249.txt scan_170424-220942.txt
  13. Just so I am understanding you correctly: on the code page I copy the code only and not the words Close Processes at the beginning and the words Reboot at the end. Those lines are excluded from the Fixlist. Copy everything in between those words. About how long should the operation run once fix is initiated?
  14. Copied the code to a fixlist file and ran the fix option on the FRST tool. The log is attached. Tool ran continuously for 6 hrs. Programs AWD and JRT still refuse to load. "requested resource in use" Fixlog.txt
  15. ADWCleaner and JRT Removal Tool were both rejected at installation, "The Requested Resource is in Use."